Skip to content

Update pnpm deps in light of vulnerability #26

Update pnpm deps in light of vulnerability

Update pnpm deps in light of vulnerability #26

name: Update downstream
on:
pull_request:
types:
- closed
jobs:
update-downstream-repos:
if: ${{ github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'main' }}
environment: detsys-pr-bot
name: Pull request detsys-ts update to ${{ github.repository_owner }}/${{ matrix.repo }}
runs-on: ubuntu-22.04
strategy:
matrix:
repo:
- flake-checker-action
- magic-nix-cache-action
- flakehub-push
- flakehub-mirror
- nix-installer-action
- update-flake-lock
env:
REF: ${{ github.sha }}
REF_URL: https://github.com/${{ github.repository }}/tree/${{ github.sha }}
SOURCE_REPO: ${{ github.repository }}
SOURCE_PR_NUMBER: ${{ github.event.pull_request.number }}
SOURCE_PR_URL: ${{ github.event.pull_request.html_url }}
BASE_REF: ${{ github.event.pull_request.base.sha }}
DIFF_URL: https://github.com/${{ github.repository }}/compare/${{ github.event.pull_request.base.sha }}..${{ github.sha }}
DIFF_FILE_URL: ${{ github.event.pull_request.diff_url }}
GIT_USER: ${{ github.actor }}
GIT_EMAIL: ${{ github.actor }}@users.noreply.github.com
GIT_BRANCH: detsys-ts-update-${{ github.sha }}
GIT_BASE: main
GIT_HEAD: detsys-pr-bot:detsys-ts-update-${{ github.sha }}
TARGET_REPO: ${{ github.repository_owner }}/${{ matrix.repo }}
GH_TOKEN: ${{ secrets.detsys_pr_bot_token }} # for `gh pr create`
steps:
- name: Check out ${{ env.TARGET_REPO }}
uses: actions/checkout@v4
with:
repository: ${{ env.TARGET_REPO }}
token: ${{ env.GH_TOKEN }}
- name: Install Nix
uses: DeterminateSystems/nix-installer-action@main
- name: Set up Magic Nix Cache
uses: DeterminateSystems/magic-nix-cache-action@main
- name: Configure Git for ${{ env.GIT_USER }}
run: |
git config user.name "${{ env.GIT_USER }}"
git config user.email "${{ env.GIT_EMAIL }}"
- name: Make sure the repo is forked
run: |
gh repo fork
- name: Update `detsys-ts` dependency for ${{ env.TARGET_REPO }} to ref `${{ env.REF }}`
run: |
nix develop --command pnpm update detsys-ts
nix develop --command pnpm all
- name: Get last commit message
id: commit-msg
run: |
MSG=$(git show -s --format=%s)
echo "msg=${MSG}" >> $GITHUB_OUTPUT
- name: Create Pull Request
uses: peter-evans/create-pull-request@v3
env:
COMMIT_MSG: ${{ steps.commit-msg.outputs.msg }}
with:
token: ${{ secrets.detsys_pr_bot_token }}
title: "Update `detsys-ts`: ${{ env.COMMIT_MSG }}"
commit-message: "Update `detsys-ts` for: `${{ env.COMMIT_MSG }}` (`${{ env.REF }}`)"
body: |
Bump [`detsys-ts`](${{ env.SOURCE_REPO }}) to the latest `HEAD` and regenerate application bundle.
* Source ref: [`${{ env.REF }}`](${{ env.REF_URL }})
* Source pull request: [`${{ env.SOURCE_REPO }}#${{ env.SOURCE_PR_NUMBER }}`](${{ env.SOURCE_PR_URL }})
* Source diff: [`${{ env.BASE_REF }}..${{ env.REF }}`](${{ env.DIFF_URL }})
* Diff file: [`${{ env.SOURCE_PR_NUMBER }}.diff`](${{ env.DIFF_FILE_URL }})
push-to-fork: detsys-pr-bot/${{ matrix.repo }}
branch: "${{ env.GIT_BRANCH }}"
base: ${{ env.GIT_BASE }}
draft: false